An Eicher Motors premium calculator website on a subdomain of Toyota Tsusho Insurance Broker India exposed credentials for the company's Microsoft corporate cloud.
The email-sending API returned its email sending logs to the client, and those logs contained the email account password (sic).
This password could of course be used to sign in to the Microsoft email account "[email protected]", which did not have two-factor authentication enabled.
This account held a record of all the emails they had ever sent to the company's customers: 657.000 emails (~25GB) containing information such as customer information, PDFs of insurance policies, password reset links, OTPs and more.
The hacker was also able to gain access to other resources in the company's Microsoft cloud, such as the corporate directory, SharePoint, and Teams.
The hacker informed the company about the vulnerabilities, and Toyota Tsusho Insurance Broker India removed the vulnerable API more than 2 months after it was reported.
But the email password has not been changed yet.
See the hack steps
https://eaton-works.com/2024/01/17/ttibi-email-hack/
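
The failure described above (mail transport logs, password included, returned in an API response) can be guarded against with a filter like the following. This is an added example, not code from the original post or the affected site. The page does not say what format the logs had, so the SMTP debug transcript layout, the function names and the sample (fake credentials) are assumptions.

```python
import base64
import binascii
import re

# Assumed transcript layout ("CLIENT -> SERVER: ..."); adapt to your mail library.
LINE = re.compile(r"^.*?(?P<who>CLIENT|SERVER) -> (?:CLIENT|SERVER): (?P<body>.*)$")
AUTH = re.compile(r"^AUTH\s+(?P<mech>LOGIN|PLAIN)(?:\s+(?P<arg>\S+))?$", re.I)

def b64(text):
    return base64.b64encode(text.encode()).decode()

def is_b64(token):
    try:
        base64.b64decode(token, validate=True)
        return bool(token)
    except (binascii.Error, ValueError):
        return False

def redact_smtp_auth(log):
    """Return (sanitized_log, n_redacted) for an SMTP debug transcript."""
    out, redacted, in_auth = [], 0, False
    for line in log.splitlines():
        m = LINE.match(line)
        if m and m["who"] == "SERVER":
            # 334 means the server wants another credential; anything else ends AUTH.
            in_auth = in_auth and m["body"].startswith("334")
        elif m:
            head, body = line[: m.start("body")], m["body"]
            a = AUTH.match(body)
            if a:
                in_auth = True
                if a["arg"] and is_b64(a["arg"]):  # AUTH PLAIN <credentials>
                    line, redacted = f"{head}AUTH {a['mech']} [REDACTED]", redacted + 1
            elif in_auth and is_b64(body):  # base64 username or password
                line, redacted = head + "[REDACTED]", redacted + 1
        out.append(line)
    return "\n".join(out), redacted

# Constructed sample with fake credentials, built here so the encoding is exact.
SAMPLE = "\n".join([
    "CLIENT -> SERVER: AUTH LOGIN",
    "SERVER -> CLIENT: 334 " + b64("Username:"),
    "CLIENT -> SERVER: " + b64("noreply@example.test"),
    "SERVER -> CLIENT: 334 " + b64("Password:"),
    "CLIENT -> SERVER: " + b64("constructed-fake-password"),
    "SERVER -> CLIENT: 235 Authentication successful",
    "CLIENT -> SERVER: MAIL FROM:<noreply@example.test>",
])

if __name__ == "__main__":
    print(redact_smtp_auth(SAMPLE)[0])
```

A non-zero redaction count on an outgoing response body is itself worth alerting on, since transport logs should stay on the server. Redaction is a backstop for that rule, and any password that has already appeared in a response needs rotating.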